We're getting more and more customers who don't have the infrastructure to set up a local server. Up to now I've been setting up separate cheap cloud servers for each one, but this doesn't scale.
So I've just set up a simple Apache SCGI over SSL proxy, which works fine. I'd like to make it a little more secure; does TurboFloat allow me to specify authentication details? I've tried specifying a server address like “username:password@address” which doesn't seem to work. (It gives me the “successful configuration” page in a browser, so I know Apache is doing its part)
I'd ideally like to have each customer on a separate vhost, but if I can't put any authentication there then it's open to abuse from anyone who has a look at the DNS zone…
You can't use “basic auth”. You'll have to limit specific hosts to ip range limits.
When LicenseChest is out this will be significantly easier.
Address restriction is not really much use apart from those customers physically tied to a desk… (and even some of those will be on a connection with dynamic IP)
I've been putting this off for a couple of years now because I thought LicenseChest was on the horizon, but I need to try and find some sort of workaround. The one I'm leaning towards is registering a whole new domain for each customer, which seems crazy wasteful, but cheaper than separate servers!
